This invention relates to the field of computers. More particularly, a system and methods are provided for ensuring the validity of data transmitted between protection domains in which different data integrity protection schemes are applied.
A protection domain is a set of physical and/or logical objects for processing or communicating data. A protection domain may therefore comprise physical components of a computing device or network, such as a disk drive, a communication interface, a communication link, etc. Also, a protection domain may comprise logical components of a computing device or network, such as an operating system, a set of program objects, a protocol, etc.
Protection domains may have a variety of scopes or sizes, and so a large system or network may include any number of protection domains covering different subsystems or sub-networks. Different protection domains may employ different ECC (Error Checking and Correction) schemes for protecting data, such as different checksum types or algorithms, different parity computations, etc.
Existing schemes for protecting the integrity of data within protection domains generally deal with protection domains that completely overlap or that are completely separate. An example of the former can be seen in how an NFS (Network File System) application may apply an ECC scheme (e.g., application-level checksums) to data delivered via TCP (Transmission Control Protocol), which is already protected by transport-level checksums. The NFS domain completely overlaps the TCP domain.
An example of non-overlapping protection domains may be seen in the relationship between TCP data being delivered across a communication link and a disk drive on which the data will be stored. The TCP and disk domains are completely separate.
However, existing data integrity protection schemes do not address environments in which one protection domain, such as NFS, partially overlaps another domain, such as a disk drive on which NFS data is stored. These schemes therefore cannot ensure that data is not corrupted as it transitions between one protection domain and another, partially overlapping domain.
As a result, there is often no guarantee that data written to a disk drive (or other storage device) or network (or other communication) link will match what is later read from the disk drive or received at another point on the network link. And, as storage densities increase and storage devices and communication links carry greater and greater amounts of data, the likelihood of some portion of the data being corrupted increases commensurately.
Thus, there is a need for a system and a method for ensuring the integrity of data as it is passed between partially overlapping protection domains.
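The unprotected transition described above can be reproduced in a few lines. The following is an added example, not text or code from the original document: CRC-32 stands in for the source domain's checksum, Adler-32 for the storage domain's, and all function names and the sample payload are constructed for illustration. It also contrasts a handoff in which the two protections overlap, an ordering assumed here rather than a method stated in this background.

```python
import zlib

class IntegrityError(Exception):
    pass

def source_send(payload: bytes):
    # Source domain: the payload travels with a CRC-32 (assumed scheme).
    return payload, zlib.crc32(payload)

def handoff(payload: bytes, crc: int, overlapped: bool, corrupt_step: int):
    """Move data from the source domain to the storage domain.

    disjoint:   verify the source checksum, then compute the storage checksum
    overlapped: compute the storage checksum first, then verify the source one
    corrupt_step flips one bit before step 0, before step 1, or after both (2).
    """
    buf = bytearray(payload)
    steps = ["seal", "verify"] if overlapped else ["verify", "seal"]
    stored_sum = None
    for i, step in enumerate(steps):
        if corrupt_step == i:
            buf[0] ^= 0x01                    # simulated single-bit corruption
        if step == "verify":
            if zlib.crc32(buf) != crc:
                raise IntegrityError("source checksum mismatch")
        else:
            stored_sum = zlib.adler32(buf)    # storage domain protection begins
    if corrupt_step == 2:
        buf[0] ^= 0x01
    return bytes(buf), stored_sum

def storage_read_ok(block: bytes, stored_sum: int) -> bool:
    # Storage domain: validate the block against its own checksum on read.
    return zlib.adler32(block) == stored_sum

def detected(overlapped: bool, corrupt_step: int) -> bool:
    payload, crc = source_send(b"constructed sample block")
    try:
        block, stored_sum = handoff(payload, crc, overlapped, corrupt_step)
    except IntegrityError:
        return True                           # caught at the transition
    return not storage_read_ok(block, stored_sum)  # caught on later read?

if __name__ == "__main__":
    for overlapped in (False, True):
        name = "overlapped" if overlapped else "disjoint"
        print(name, [detected(overlapped, s) for s in range(3)])
```

In the disjoint ordering, a bit flipped after the source check but before the storage checksum is computed is sealed into the stored block and passes every later read; in the overlapped ordering, every corruption point is covered by at least one of the two checksums.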